Vulnerabilities and security researches formelhor-envio-cotacao melhor-envio-cotacao

Jun 06, 2024

CVE, Research URL: 13a83e5dd59fa8c582fb848c15bfdc1f39429314
Home page URL: Security reports for Melhor Envio
Application: Melhor Envio
Date: Apr 26, 2022
Research Description: Melhor Envio [melhor-envio-cotacao] < 2.11.20 Melhor Envio <= 2.11.19 - Cross-Site Request Forgery and Authenticated Settings Change The Melhor Envio plugin for WordPress is vulnerable to authenticated settings changes and Cross-Site Request Forgery in versions up to, and including, 2.11.19. This allowed any authenticated user to directly modify plugin settings, and allowed unauthenticated users to modify the same settings if they could trick an authenticated user into performing an action, such as clicking a link.
Affected versions: Min -, max -.
Status: vulnerable

Apr 09, 2025

CVE, Research URL: CVE-2024-13820
Home page URL: Security reports for Melhor Envio
Application: Melhor Envio
Date: Apr 08, 2025
Research Description: The Melhor Envio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.15.9 via the 'run' function, which uses a hardcoded hash. This makes it possible for unauthenticated attackers to extract sensitive data including environment information, plugin tokens, shipping configurations, and limited vendor information.
Affected versions: Min -, max -.
Status: vulnerable